Category: Uncategorized

The Importance of Cyber Security and Compartmentalization

Author wefightforsecurityPosted on April 2, 2017April 2, 2017Categories Uncategorized

Cyber security is very important, but so is compartmentalization as an article in The Register makes very clear. A Texas based company fired an employee, because they hadn’t properly compartmentalized access to passwords for the company.

This one employee was able to access all the passwords on his own and emailed them to himself, thus allowing him to get revenge on his work and commit criminal hacking, which lead to losing over $100,000 of customer orders, not to mention the third party companies they had to pull in to audit the systems to recover from the damage the disgruntled employee had caused.

 

The employee was arrested by the FBI for violating the computer fraud and abuse act and exceeding authorization. If the company had properly compartmentalized access to each password, so one employee wouldn’t have had access to all of them, this wouldn’t have happened. Unfortunately, this didn’t take place nor did they reset passwords the employee had access to, which is standard procedure with companies who hire us.

 

 

 

WPCore SYS WordPress malware Installed by Hackers Who Are Criminals

Author wefightforsecurityPosted on March 25, 2017April 10, 2020Categories Uncategorized

Hello Dolly, is a famous song by Jazz singer Louis Armstrong and a WordPress plugin with the words to his song Hello Dolly. While a plugin like that would usually get few downloads this comes pre-installed in every single WordPress install.

Before you start panicking Hello Dolly is not vulnerable at least not that we are aware of, rather pirates are exploiting vulnerabilities in other plugins you have installed and inserting malware into the plugins directory called WPCoreSys. Hello Dolly is mentioned because they attempt to mask their malware by making database entries claiming it is for the Hello Dolly plugin table. Hello Dolly does not have a database, but most people do not know that.

Programs like anti malware removal have detected and removed WPCoreSYS, unfortunately at that point the damage has already been done and could cost your company tens of thousands of dollars in sales.

WPCoreSYS is a malware infection for WordPress that injects it’s own malicious code into valid themes, plugins and even the wordpress core to try and make it harder to remove.

We have cleaned up WPCoreSys infections, which would be covered under any of our malware removal plans, including our most affordable plan that starts at 49.99.

You can see a whole list of our plans on https://planetzuda.com